Cyber attack top business threat for second year running

Cyber attack is the top threat perceived by businesses, according to the fifth annual Horizon Scan report published today by the Business Continuity Institute (BCI), in association with BSI. Similarly, the threat of a data breach rises to second in the list, up one place from 2015.

The annual BCI Horizon Scan assessed the business preparedness of 568 organizations worldwide and shows that three quarters (85%) of Business Continuity Managers fear the possibility of a cyber attack, with 80% worried about the possibility of a data breach similar to those suffered by Carphone Warehouse and Sony. A recent industry report* highlights that the annualized cost of cyber crime per UK company now stands at £4.1 million, a 14 per cent increase in mean value since last year.

Concerns over supply chain disruption remained in the top ten, but fell two places from fifth last year to seventh this year. Almost half of those polled (47%) identified increasing supply chain complexity as a trend, leaving their organization vulnerable to disruption from conflict or natural disasters.

Concerns over the availability of talent and key skills entered the top ten for the first time this year, with 13% indicating they are ‘extremely concerned’ and 34% ‘concerned’ about the threat.

This year’s global top ten threats to business continuity are:

1. Cyber attack – static
2. Data breach – up 1
3. Unplanned IT & telecom outages – down 1
4. Act of terrorism – up 5
5. Security incident – up 1
6. Interruption to utility supply – down 2
7. Supply chain disruption – down 2
8. Adverse weather – down 1
9. Availability of key skills – new entry
10. Health and Safety incident – new entry

David James-Brown FBCI, Chairman of the Business Continuity Institute, commented: “The need perceived by organizations to identify and build resilience to this range of threats reveals the importance of this survey for business continuity professionals, the Horizon Scan’s reputation and reliability make it one of the most popular reports in the industry on a global scale. It is indeed crucial for practitioners to advise organizations on what to prepare for and adjust their recovery plans accordingly.

“The industry landscape is rapidly changing, and so should our discipline in order to keep up with both traditional and modern challenges. At the top of the list this year we continue to see threats such as cyber attack, data breach and unplanned IT outages. More traditional threats such as terrorism continue to be ‘front-of-mind’ for organizations. Given the rise of new challenges and the fact that old ones remain, horizon scanning techniques are even more valuable in assisting organizations to be prepared to the best of their potential.”

Howard Kerr, Chief Executive at BSI, commented: “2015 saw a number of high profile businesses across the world hit by cyber attacks, so it’s reassuring to see that so many are aware of the threat it poses. Our research finds it to be the top concern in six out of the eight regions surveyed.

“However, we remain concerned to see that businesses are still not fully utilizing the information available to them to identify and remedy weaknesses in their organizational resilience.

“It is difficult to conceive that either investors or employees will be reassured that the leaders of the organizations they trust are making strategic decisions without an effective evaluation of risk.

“Ultimately, organizations must recognize that, while there is risk, and plenty of it, there is also opportunity. Taking advantage of this means that leaders can steer their businesses to succeed by not just surviving, but thriving.”

The report also measures sentiment towards specific business trends and uncertainties. The use of the internet for malicious attacks remains on top this year, with 83% indicating their concern. Increasing supply chain complexity also features in the top ten and on the radar of 47% of respondents.

Despite growing fears over the resilience of their firms, the report records another fall in the use of long-term trend analysis to assess and understand threats, down 3% to 70% this year.

Of those carrying out trend analysis, a worrying third (33%) are not using the results to inform their business continuity management programmes.

Globally, business preparedness shows variations with 9 out of 10 (94%) organizations in Canada utilising trend analysis, while just 3 in 10 firms (29%) in the Caribbean and Latin America do so. Small businesses, evaluated for the second time in this year’s report, continue to lag behind with only 58% compared to 74% of larger businesses.

The report provides the strong recommendation that the rising costs of business continuity demand greater attention from top management. Encouragingly, adoption of ISO 22301, the business continuity standard, appears to be a common framework, with more than half (51%) of organizations now relying upon this.

- ENDS -

Notes to the editor:

*2015 Ponemon ‘Cost of cyber crime’ report

Note to the online survey: respondents were from 74 countries. The total number of respondents was 568.

A copy of the report is available on request to andrew.scott@thebci.org or can be downloaded from the BCI website (registration required).

About the Business Continuity Institute

Founded in 1994 with the aim of promoting a more resilient world, the Business Continuity Institute (BCI) has established itself as the world’s leading Institute for business continuity and resilience. The BCI has become the membership and certifying organization of choice for business continuity and resilience professionals globally with over 8,000 members in more than 100 countries, working in an estimated 3,000 organizations in the private, public and third sectors.

The vast experience of the Institute’s broad membership and partner network is built into its world class education, continuing professional development and networking activities. Every year, more than 1,500 people choose BCI training, with options ranging from short awareness raising tools to a full academic qualification, available online and in a classroom. The Institute stands for excellence in the resilience profession and its globally recognised Certified grades provide assurance of technical and professional competency. The BCI offers a wide range of resources for professionals seeking to raise their organization’s level of resilience, and its extensive thought leadership and research programme helps drive the industry forward. With approximately 120 Partners worldwide, the BCI Partnership offers organizations the opportunity to work with the BCI in promoting best practice in business continuity and resilience.

About BSI

BSI (British Standards Institution) is the business standards company that equips businesses with the necessary solutions to turn standards of best practice into habits of excellence. Formed in 1901, BSI was the world’s first National Standards Body and a founding member of the International Organization for Standardization (ISO). Over a century later it continues to facilitate business improvement across the globe by helping its clients drive performance, manage risk and grow sustainably through the adoption of international management systems standards, many of which BSI originated. Renowned for its marks of excellence including the consumer recognized BSI Kitemark™, BSI’s influence spans multiple sectors including Aerospace, Automotive, Built Environment, Food, Healthcare and ICT. With 80,000 clients in 182 countries, BSI is an organization whose standards inspire excellence across the globe.
